Purging container images from Azure Container Registry

Purging container images from Azure Container Registry

Keeping container registries clean and neat is not always an easy task. We have fairly agile release processes, and sometimes we release many images, several times per day across dev- and production environments. Microsoft recently introduced a neat way to automatically purge images based on filters, directly from the Azure CLI. Use casesI saw an immense growth in the Azure Container Registry size. Tags, experimental features, legacy releases, and more - everything we ever pushed to ACR is just sitting there. Most of it is doing nothing. Seeing this, I created a set of utility scripts that could help me…

Read More

How Tokens and Scope Maps for Azure Container Registry introduces great repository-level access restrictions

How Tokens and Scope Maps for Azure Container Registry introduces great repository-level access restrictions

I have previously written about various Container-topics on this site. Recently, I also published a post about "Best Practices for security in Azure Container Registry." In this post, I want to bring awareness to how we can make use of one of the tips from that post, namely the Repository-scoped permissions. We can now create more fine-grained permission for our ACR. Time-limited access to help block any access after a specific point in time.Granular permission control helps restrict or allow specific actions on the registry. Actions are usually things like Read (pull), Write (push), Delete.Help your organization delegate…

Read More

Protecting your Azure Container Registry by denying all requests except from allowed IP addresses

Protecting your Azure Container Registry by denying all requests except from allowed IP addresses

With Azure Container Registry, or ACR, we get a lot of great capabilities to host our Docker images in the Azure cloud. With that, as with everything else, comes security concerns we should not overlook. In this post I'm exploring how we can lock down all access to our ACR by default, and then enable access based on an IP address or range of IP addresses. This is similar to what I've already explained in another post about Secure your Azure Storage Accounts with restrictions based on public IP addresses. If you haven't seen that, take a look there how…

Read More

Close You've successfully subscribed to Tobias Zimmergren's thoughts on tech.
Close Great! You've successfully signed up.
Close Welcome back! You've successfully signed in.
Close Success! Your account is fully activated, you now have access to all content.